Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/softcreatr/wsc-crypto-php
https://github.com/softcreatr/wsc-crypto-php
Last synced: 22 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/softcreatr/wsc-crypto-php
- Owner: SoftCreatR
- License: isc
- Created: 2024-10-11T10:14:31.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2024-10-11T12:25:12.000Z (3 months ago)
- Last Synced: 2024-12-09T14:59:23.795Z (22 days ago)
- Language: PHP
- Homepage:
- Size: 14.6 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# wsc-crypto-php
PoC of cryptographic utility functions for WoltLab Suite Core, implemented in PHP.
## Overview
This project provides cryptographic helper functions, including:
- **Creating secure signatures** based on the Keyed-Hash Message Authentication Code (HMAC) algorithm.
- **Base64 encoding and decoding** without cache-timing leaks.
- **Parsing and verifying signed strings** to ensure data integrity and authenticity.## Installation
Use Composer to install the package:
```bash
composer require softcreatr/wsc-crypto-php
```## Usage
For detailed usage examples, please refer to the [examples](./examples/) directory.
### Examples
- [Creating and Verifying a Signed String](./examples/createAndVerifySignedString.php)
- [Handling a Session Cookie](./examples/handleSessionCookie.php)
- [Parsing a Signed String Directly](./examples/parseSignedString.php)## Testing
The project includes a comprehensive test suite using PHPUnit.
### Running Tests
1. **Install Dependencies:**
Ensure all dependencies are installed via Composer:
```bash
composer install
```2. **Run PHPUnit with Coverage:**
Execute the following command to run your tests and generate an HTML coverage report:
```bash
./vendor/bin/phpunit --coverage-html coverage
```3. **View Coverage Report:**
Open `coverage/index.html` in your browser to view detailed coverage statistics.
## License
This project is licensed under the [ISC License](https://github.com/SoftCreatR/wsc-crypto-php/blob/main/LICENSE.md). See the [LICENSE](https://github.com/SoftCreatR/wsc-crypto-php/blob/main/LICENSE.md) file for details.
## Author
- **Sascha Greuel**
- **Email:** [[email protected]](mailto:[email protected])
- **GitHub:** [SoftCreatR](https://github.com/SoftCreatR)## Security Considerations
- **Protect the `signatureSecret`:** Ensure that the signature secret is stored securely and not exposed in version control or logs.
- **Validate Inputs:** Always validate and sanitize inputs when dealing with signed strings to prevent security vulnerabilities.## Contributing
Contributions are welcome! Please open issues or submit pull requests for improvements and bug fixes.
## Acknowledgments
- [ParagonIE](https://github.com/paragonie) for their constant-time encoding library.
- Inspired by WoltLab's WCF Crypto utilities.